Storage Encryption Enhanced!

Lets keep things rolling lets talk about another great upgrade unveiled at Cisco Live San Diego 2012. With the latest version of NX-OS 5.2(6) on the MDS, Cisco has made some interesting changes to the Cisco Storage Media Encryption (SME) product. First, lets do a quick primer on SME for those of you who might not be familiar with the product and why you would consider it.

Cisco Storage Media Encryption is an in-line product that runs on the MDS storage switches that encrypts data at rest on tape, virtual tape, and disks. Encryption of data at rest is becoming more and more common as companies take additional steps to ensure the integrity of corporate IP and customer data. There are also a number of government regulations that require the encryption of data at rest, most notably HIPA regulations in the healthcare industry. Increased regulation requiring encryption of data at rest is likely as well.

SME does the encryption with encryption hardware engines built onto Fibre Channel modules on the MDS. SME is also managed with Cisco Data Center Manager (DCNM). This in-line, integrated approach prevents the performance bottlenecks caused by add-on encryption appliances and the integrated management with DCNM ensures ease of operation.

So what’s new? The first new feature on SME is Master Key Re-Key. This feature allows customers to change the master key. When the master key is changed, all of the sub-keys are unwrapped and rewrapped with the new master key. This kind of operation allows customers to change the master key with minimal disruption to operations.

The second feature available with the latest incarnation of SME is Signature on Disk. In disk signature mode, you can take snapshots across LUNs during key-change operations. SME will automatically recognize these snap shots based on the signature. This simplifies snap shots and makes it easier to maintain both encryption and the backup safety of snap shots.

These features are available to anyone who as licensed Cisco Storage Media Encryption and is on NX-OS 5.2(6). Feature enhancements like these are part of Cisco’s continuing commitment increasing the value of our products to our customers. If you are interested in SME and it’s features, be sure to check out the Storage Media Encryption Design Guide for full details on how SME and these new features work.

Some of the individuals posting to this site, including the moderators, work for Cisco Systems. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of Cisco. The content is provided for informational purposes only and is not meant to be an endorsement or representation by Cisco or any other party. This site is available to the public. No information you consider confidential should be posted to this site. By posting you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to the Website and release Cisco from any liability related to your use of the Website. You also grant to Cisco a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to sublicense) right to exercise all copyright, publicity, and moral rights with respect to any original content you provide. The comments are moderated. Comments will appear as soon as they are approved by the moderator.